[c-nsp] ASA replying to ARP packets for other hosts...
Joseph Jackson
JJackson at aninetworks.com
Wed Sep 6 14:03:53 EDT 2006
> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de]
> Sent: Wednesday, September 06, 2006 10:55 AM
> To: Joseph Jackson
> Cc: Jonathan Charles; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASA replying to ARP packets for other hosts...
>
> Hi,
>
> On Wed, Sep 06, 2006 at 10:17:35AM -0700, Joseph Jackson wrote:
> > Its enabled by default because thats how static translations work.
> > When you do a static the pix has to answer for the host
> since it isn't
> > a layer 3 hop.
>
> It's fine if the PIX does proxy ARP *for statically NATted*
> IP addresses.
>
> Doesn't mean it should do proxy ARP for anything else.
>
> But then, I never found any specific reason to like PIXen.
> And many to dislike them. "Fixup protocol smtp", hah.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>
I agree its silly that its on by default that isn't named outside. Oh
and its inspect smtp now :)
More information about the cisco-nsp
mailing list